CVE-2025-24000

HIGH EXPLOITED

WPExperts Post SMTP <3.2.0 - Auth Bypass

Title source: llm

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through <= 3.2.0.

Exploits (1)

nomisec WORKING POC

by bsdrip · infoleak

https://github.com/bsdrip/CVE-2025-24000-exploit

View Code ZIP pw:eip

References (2)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/post-smtp/vulnerability/wordpress-post-smtp-3-2-0-privilege-escalation-vulnerability?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/wordpress/plugin/post-smtp/vulnerability/wordpress-post-smtp-3-2-0-privilege-escalation-vulnerability?_s_id=cve

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 24.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-07-24

CWE

CWE-288

Status published

Products (2)

Saad Iqbal/Post SMTP < 3.2.0

WPExperts/Post SMTP < 3.2.0

Published Aug 07, 2025

Tracked Since Feb 18, 2026